Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: stefanobr on July 09, 2020, 02:58:25 am
-
Hi all,
An external company did a pen test on our Zentyal servers and found some issues with the samba certificates, namely:
SSL Certificate Signed Using Weak Hashing Algorithm
SSL Medium Strength Cipher Suites Supported (SWEET32)
How would I go about solving this? Do I need to issue new, self signed certificates for samba? Or am I completely off track?
Thank you so much in advance!
Regards,
S~
-
:)
Read this: https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC (https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC)
Prepare your own certificates with the needed options with openssl.
Cheers!